EN EN EN
Brussels, 22 April 2008 EU FINANCIAL INTELLIGENCE UNITS' PLATFORM REPORT ON FEEDBACK ON MONEY LAUNDERING AND TERRORIST FINANCING CASES AND TYPOLOGIES 1 (Good practices) The EU Financial Intelligence Units' Platform is an informal group set up in 2006 by the European Commission, which gathers Financial Intelligence Units from the Member States. Services of the European Commission participate in the activities of the Platform and provide support. The main purpose is to facilitate cooperation and exchange of information among FIUs of EU Member States, with a view to identify problems and good practices in the framework of the implementation of the third EU AML/CFT Directive. EN 1 This report has been prepared by the EU FIU Platform (on the basis of groundwork carried out by representatives of the FIUs of Austria, Estonia, Malta and Slovenia led by the UK FIU), with the support of the European Commission. EN
Table of Content 1. INTRODUCTION... 2 2. WHAT IS "FEEDBACK"... 3 2.1. THE REGULATORY FRAMEWORK... 3 3. RELEVANT TYPES OF FEEDBACK... 4 3.1. FEEDBACK TO REPORTING ENTITIES ON SPECIFIC CASES... 4 3.2. FEEDBACK BETWEEN LAW ENFORCEMENT AUTHORITIES AND THE FIU... 7 3.3. FEEDBACK ON TRENDS AND TYPOLOGIES... 8 3.4. EXCHANGE OF INFORMATION BETWEEN COMPETENT AUTHORITIES AND THE FIU... 9 3.5. FIU TO FIU CO-OPERATION AND FEEDBACK... 11 ANNEX : GLOSSARY... 12 EN 1 EN
1. INTRODUCTION This report reflects the work conducted on the issue of "Feedback" in the "EU Financial Intelligence Units' Platform" 2.The purpose of the report is twofold: a) to take stock of existing arrangements concerning feedback on money laundering and terrorist financing in Member States of the European Union; b) to identify good practices which can be followed to improve quality and effectiveness of feedback. European FIUs 3 are aware that it is imperative for them to have robust mechanisms in place to provide feedback to their respective reporting sectors. All the more so in view of the requirements set out in the Third AML/CFT Directive (2005/60/EC). The ability of FIUs to provide meaningful and useful feedback to reporting institutions and persons is determined by a number of factors. In the first place, the volume of STRs or SARs received, the diversity of reporting entities (e.g. banks, insurance companies, investment firms, lawyers, notaries, accountants, trust & company service providers, casinos, etc.), the variety of law enforcement authorities to which SARs/STRs can be referred and the number of disclosures dealt with by such authorities all have a bearing on the content and extent of feedback. There are different kinds of feedback, as for the content (specific cases, trends, typologies) and for the actors involved (reporting entities, law enforcement agencies, FIUs, supervisors, etc.). The feedback frequency also varies. The quality of the interface between the FIU and the competent law enforcement authorities on one hand and the reporting sectors on the other, in terms of procedures and relationships, is crucial. The FIU must be able to obtain information about the use of the disclosures and their follow-up and, at the same time, to demonstrate to the reporting sector the value of their engagement in the AML/CFT framework. Effective and timely feedback is valuable, not least, to help identifying priorities and shaping an appropriate risk-based approach within the regulated sector. Another merit of this engagement with stakeholders in the private sector is the understanding that the FIU is able to meet industry's concerns and requirements. The knowledge coming from the disclosures, their use and outcome is relevant in informing government policies and ensuring that future legislative changes take account of the issues faced by practitioners. Equally, the FIU can provide regulators with general performance information about a given reporting sector. Whilst resource issues are an ever present consideration for all FIUs, the adoption of a strategic approach to feedback should assist an FIU in meeting its feedback obligations. The report is articulated into two main parts. The first one contains a brief overview of the existing regulatory framework at the international and at the EU level; the second 2 The EU FIUs' Platform is an informal body set up in 2006 by the European Commission, which participates in its activities and provides support. The main purpose is to facilitate cooperation and exchange of information among FIUs of EU Member States, with a view to identify problems and good practices in the framework of the implementation of the third EU AML/CFT Directive. 3 A glossary of acronyms is provided in Annex EN 2 EN
part is dedicated to the analyses of different kinds of feedback. Specific sections in the second part deal with feedback to reporting entities on individual cases, on trends and typologies, feedback between Law Enforcement Authorities and the FIU, FIU-to- FIU feedback and with the exchange of information between the FIU and other competent authorities. 2. WHAT IS "FEEDBACK" The activities of the actors involved in the AML/CFT system are very much about receiving, processing and disseminating information. Reporting entities disclose information to the FIU, by filing suspicious transactions reports and other reports provided for by relevant legislation; they also provide information in response to FIU's further requests. The FIU carries out its analytical functions by accessing external databases, obtaining information from other domestic public authorities, exchanging information with foreign counterparts. Law enforcement authorities and prosecutors receive information concerning relevant disclosures from the FIU and, in their turn, perform investigations and start judicial proceedings. Information is also fed back, so that all players are aware of the results achieved and lessons are learnt from the experience; effectiveness and efficiency can thus be improved. Prosecutors and law enforcement agencies inform the FIU about the outcome of the analysis performed by the latter; the FIU informs the reporting entities about the use of the disclosures filed by them and the results achieved thereby. Moreover, feedback can be provided to foreign FIUs and information on reports can be provided to other competent authorities, like supervisors. Therefore, the flows of information used for AML/CFT purposes have complex dynamics. Every actor provides inputs and receives information. When the information is fed back in response to previous inputs, the process has a circular structure. This mechanism is particularly straightforward in relation to information pertaining to specific cases, like for STRs/SARs: reporting entities inform the FIU about possible money laundering or terrorist financing phenomena and are subsequently informed about the outcome. Trends, typologies and indicators are also made available. 2.1. THE REGULATORY FRAMEWORK Against this background, relevant provisions address specific types of feedback and identify information which has to be fed back. Requirements are established by the Financial Action Task Force (FATF) standards and the third Anti Money Laundering Directive. FATF Recommendation 25 deals with feedback. The FATF has produced a document entitled Best Practice Guidance on Providing Feedback to reporting Financial Institutions and Other Persons. According to this guidance, the FIU should publicly release reports that include statistics, typologies, and trends as well as information regarding its activities. Competent authorities should establish guidelines that will assist financial institutions and designated non-financial businesses or professions ("DNFBPs") to implement EN 3 EN
and comply with their respective AML/CFT requirements. For those businesses and professions, such guidelines may be established by Self Regulatory Organisations. At a minimum, the guidelines should give assistance on issues covered under the relevant FATF recommendations, including (i) a description of money laundering (ML) and terrorist financing (TF) techniques and methods, (ii) any additional measures that these institutions and DNFBPs could take to ensure that their AML measures are effective. The third AML/CFT Directive replaces the first AML Directive (91/308/EEC) as amended by the second AML Directive (2001/97/EC). The deadline for the implementation of the third Directive was 15 December 2007. For the purposes of this paper, it is important to note that under Article 35 of the third AML/CFT Directive Member States shall ensure that wherever practicable timely feedback on the effectiveness and follow-up of suspicious reports on money laundering and terrorist financing is provided". Moreover, Member States shall ensure that the institutions and persons covered by this Directive have access to upto-date information on the practices of money launderers and terrorist financers and on indications leading to the recognition of suspicious transactions". Therefore, the following types of feedback have to be provided, according to the Directive: Feedback on suspicious transactions reports, to inform the reporting entities about their follow-up; this case-by-case feedback should be provided "wherever practicable"; Feedback on money laundering and terrorist financing practices (trends & typologies). Furthermore, indications leading to the recognition of suspicious transactions have also to be made available. 3. RELEVANT TYPES OF FEEDBACK Due to the complex nature of the exchanges of information in the AML/CFT system, there are several instances where feedback has to be provided. As said, feedback flows vary in relation to the entities involved and the nature and content of the information. 3.1. FEEDBACK TO REPORTING ENTITIES ON SPECIFIC CASES The necessity to provide feedback on specific cases does not imply the need of a systematic case-by-case feedback, i.e. on each and every disclosure filed by reporting entities. Indeed, according to the Directive, information on the outcome of particular reports has to be fed back "wherever practicable". EN 4 EN
Providing information on each and every specific case may not be appropriate or effective, neither for the FIU nor for the reporting entities. The "practicability" which the Directive refers to has to be determined taking account of many variables. Those include, for example, the overall number of STRs/SARs (if that is particularly high, systematic feedback may not be practicable), the opportunity to focus on significant cases, the need not to put obstacles to investigations. A selective approach to feedback on specific cases may therefore be necessary. Practices (1) The FIU can acknowledge receipt of all STRs/SARs received (2) Information on the outcome of the case can be fed back only if the reporting entity so requests. (3) Feedback can be provided only if the initial report has produced positive results. In these cases, feedback can be related to reports that lead or significantly contribute to successful criminal investigations. (4) Feedback can be provided only if the initial report has turned out to be unfounded. (5) Case by case feedback can be provided by the FIU on a periodical basis through a standardized form indicating the current status of each disclosure (specifying whether the case is being pursued, an offence has been detected, a criminal proceeding has been initiated or the case has been closed). (6) Feedback information from several cases can be collated and disseminated to many recipients at the same time through, for example: sector specific seminars; dissemination of examples to reporting entities or their publication; preparation of a compendium (7) To allow an effective exchange on the use of the information disclosed, a point of contact between the FIU and the reporting parties can be established and a dedicated phone line can be maintained. (8) Information on results achieved through the disclosures can be provided in FIUs' periodical reports. (9) Money laundering and terrorist financing indicators can be compiled and updated constantly. EN 5 EN
Issues Timing of feedback According to the Directive, feedback on specific cases has to be provided "timely". Ideally, information to reporting entities should be transmitted as soon as the information becomes available to law enforcement or judicial authorities. However, feedback should not prejudice investigations. Information provided at a too early stage may violate the confidentiality regime for the investigation. In many instances, feedback on specific cases can only be ensured after the activity of law enforcement agencies has come to an end. This concern does not necessarily arise for the information to be provided by law enforcement or judicial authorities to the FIU (par. 3.2). On the other hand, disclosures should be filed by reporting entities before executing the transaction and the execution should be suspended until the FIU (or other competent authorities) provides its consent for the execution or issues a postponement order. In these cases, reporting entities need a quick input on how to deal with the pending transaction and with the customer. The decision on whether or not to postpone the reported transaction, communicated to the reporting entity, obviously brings an element of feedback. There may be tension between the need to ensure that offences are not perpetrated (or brought to further consequences), or that money is not subtracted and the need to ensure confidentiality of the investigations. In this respect, the postponement of the transaction, while informing the reporting entity that the disclosure can have useful investigative follow-up, also creates a risk of tipping-off the customer which, again, may hinder the ensuing investigation. Appropriate practices should be developed by the FIU and the law enforcement agencies allowing to reduce these risks when ordering the postponement of reported transactions or otherwise provide feedback immediately after the disclosure. Data protection Feedback information on specific cases may also be nominative. Issues may arise as to the retention period applicable to the information that is fed back, to the need to notify the data subject and to the possible use of feedback information in managing the business relationship with the customer. EN 6 EN
3.2. FEEDBACK BETWEEN LAW ENFORCEMENT AUTHORITIES AND THE FIU To be able to provide feedback to reporting entities, FIUs need themselves to obtain information from law enforcement and judicial authorities about the follow-up of specific cases. Also, information about the outcome of investigations which have been triggered by or have benefited from STRs/SARs and the analysis carried out by the FIU is useful to the FIU itself, with a view to focusing future activities appropriately and refining the methodologies applied. While the access to law enforcement information concerning the outcome of the disclosures may be relatively easy for those FIUs which have a police or a prosecutorial nature, FIUs of an administrative nature may need to receive appropriate and specific flows of information from competent Law Enforcement and Judicial authorities on relevant cases. Concerns have been raised on the practicalities of specific case feedback. In particular, it may be difficult to tie specific investigative or judicial outcomes to particular STRs/SARs. In this respect, the lack of appropriate organizational arrangements (e.g. links which enable tracing the final outcome back to the initial input) and the possibility that relevant cases are built upon the consideration of multiple disclosures, both play a role in explaining the existing difficulty in systematically relating STRs/SARs to a well-identified case. Practices (1) Law enforcement agencies, prosecutors and/or judges can provide the FIU with feedback on the relevance of the information forwarded to them and of the use thereof. (2) Law enforcement authorities working on STRs/SARs can be required to complete a form indicating the follow-up of every disclosure received, so that outcomes can be linked to specific disclosures and therefore their relevance can be assessed. (3) FIUs can establish appropriate contacts with law enforcement agencies allowing to monitor and record the use of SARs/STRs and to receive feedback. (4) The FIU can directly access police databases, criminal and court registers in order to obtain information about the use of the information provided. (5) The FIU can share information with law enforcement agencies on trends, typologies and statistics. This helps analysing and adopting best practices and encourages joint-working, at the same time expanding the use of STRs/SARs intelligence outwards from the limited field of specialist financial analysis into the wider remit of front-line policing. EN 7 EN
3.3. FEEDBACK ON TRENDS AND TYPOLOGIES Feedback on general trends can be based on STRs/SARs and other available information showing recurrent patterns of criminal behaviour. Also, general feedback can be given through statistics (e.g. the number of reports aggregated per sector or area, compared to the number of reporting entities or persons in that sector or area, compared to the outcome). Trends and typologies concerning money laundering can be identified and described based on information gathered from a variety of sources. Besides the FIU, a number of competent authorities can give useful contributions: law enforcement agencies, judicial authorities, intelligence services, supervisors, etc. Besides the outcome of STRs/SARs, law enforcement authorities can also inform the FIU about circumstances where those authorities have identified relevant money laundering or terrorist financing phenomena. This information can derive from intelligence developed for investigative purposes and can be particularly useful for the FIU to elaborate indicators for the detection of further relevant cases. The identification of trends and typologies requires intense dialogue and cooperation among all the authorities involved. Often, the FIU plays a coordinating role in gathering, organising and disseminating the information. Practices (1) Information on trends and typologies can be distributed on a regular basis to reporting entities, law enforcement bodies, government departments and regulators. Feedback can be differentiated according to the degree of confidentiality of the information involved and to the nature of the recipient. (a) (b) (c) Government departments and law enforcement agencies can receive classified problem profiles and typologies. Regulators can receive both classified and sanitised material, as appropriate. The reporting sector can receive sanitised typologies. (2) Feedback information can be provided electronically, for example through Internet based tools; depending on the level of confidentiality, secure networks or web pages can be used to provide information on trends and typologies. (3) A newsletter can be compiled by the FIU with current trends and typologies. Specific periodic bulletins on CFT can be presented to the financial sector at meetings, conferences, and seminars. EN 8 EN
(4) The FIU can establish a programme of regular seminars for Money Laundering Reporting Officers and their senior management to discuss trends and typologies. (5) The FIU can convene a regular discussion group for banks, professional associations and supervisory bodies. (6) The exchange of information on money laundering and terrorist financing trends can take place in committees comprising different authorities, where the private sector is also represented. In these contexts, industry participants can also contribute to the formulation of policy proposals and can provide advice to competent authorities. (7) Feedback on general trends and typologies can also be dealt with together with issues concerning compliance with AML/CFT obligations. In this respect, awareness sessions can be organised on both trends in money laundering and terrorist financing activities and compliance with AML/CFT requirements. Such sessions could be held jointly by the FIU and competent supervisory authorities (unless the FIU has itself supervisory tasks on AML/CFT compliance). (8) The FIU can set up a dedicated Prevention and Alerts team, gathering information on specific and immediate threats and alerts and disseminating this information to the regulated sector (and, where appropriate, to the general public). (9) For particularly sensitive topics, the FIU can set up a specialist security' group, comprising representatives from both the financial sector and law enforcement sectors 3.4. EXCHANGE OF INFORMATION BETWEEN COMPETENT AUTHORITIES AND THE FIU Within the feedback cycle, FIUs should receive information from a number of other authorities active in the AML/CFT arena. These exchanges are especially important to a) allow FIUs to provide feedback to reporting entities and b) assist FIUs in setting priorities on relevant areas of work. Exchanges between FIUs and supervisors are particularly frequent and important. FIUs provide supervisors with information concerning compliance with the reporting obligations by supervised entities (e.g. numbers of reports received from each obliged institution or person, aggregated according to the geographical area; considerations on the meaningfulness of the disclosures; information on the capacity of reporting entities to respond to further requests for data; information on the capacity to report transactions before their execution and to refrain from executing EN 9 EN
them before receiving instructions, etc.). Also, supervisors inform FIUs about anomalies detected in performing the controls. They can also assist FIUs in their analysis, by providing sectorial expertise or additional information available to them. Relevant competent authorities and the FIU exchange information through bilateral contacts, especially in relation to specific cases, and also through their participation in committees and working groups at national level. Participation in such coordinating bodies allows the circulation of confidential information coming from different sources and their joint analysis. This is particularly useful for the early identification of trends and threats. Several national practices point in that direction. Practices (1) The FIU can develop a strategic approach to providing regulators with appropriate performance data on their particular sectors to allow them to engage with regulated entities to improve performance. (2) The FIU can participate in coordination committees including representatives of relevant ministers, judicial authorities, supervisory authorities. Such committees can provide an appropriate framework for the exchange of information on trends and threats. They can also facilitate the development of standards for AML/CFT compliance, the provision of guidance as well as the coordination needed for appropriate policy and decision making. (3) The FIU can coordinate "STRs/SARs committees" that involve relevant public and private organisations, tasked with the exchange of information on the reporting regime and the discussion of methods for its improvement. Europol is also part of the system of exchange of information on STRs/SARs. Since 2001, it has developed an operational analytical project (Analytical Work File on Suspicious Transactions AWF SUSTRANS) to collect, process, and analyse STRs and/or CTRs filtered by law enforcement agencies in line with directions given by Article 30(1)(b) of the Amsterdam Treaty. Many EU FIUs are already contributing to the activities of such project by sending STRs, via their competent national authorities. Feedback on investigative links established through the analysis is regularly provided by Europol. Appropriate arrangements have to be established and maintained at national level between FIUs and competent law enforcement agencies to ensure that information on STRs or CTRs are regularly exchanged in the framework of this pan-european AML analytical project. EN 10 EN
3.5. FIU TO FIU CO-OPERATION AND FEEDBACK In the framework of general cooperation, FIUs can inform their counterparts about the use of the information received and the outcome of the analysis or of the investigation carried out using it. In this respect, feedback can either be requested by the FIU which has provided the information or can be given spontaneously by the FIU which has received and used that information. Practices (1) The FIU can establish a mechanism to provide meaningful feedback on the utility or value of answers to requests made by them. (2) The FIU which supplies information in response to specific requests can provide updates on an ongoing basis as further relevant information becomes apparent. (3) In case of multiple FIUs enquiring on the same subjects, feedback should be differentiated if requesting FIUs do not want to share the information with the others Issues FIU.NET could be used to ensure quick feedback about the use of the information by the requesting FIU. If the information is transmitted to further bodies, feedback should also be provided about the follow-up given by those bodies. EN 11 EN
ANNEX : GLOSSARY In this Report, the following abbreviations are used: "AML" means Anti-Money Laundering "CFT" means Counter-Terrorist Financing "CTR" means Cash Transaction Report "FATF" means Financial Action Task Force "FIU" means Financial Intelligence Unit "FIU.NET" indicates a decentralised computer network designed to connect EU FIUs to exchange information (www.fiu.net) "SAR" means Suspicious Activity Report "STR" means Suspicious Transaction Report EN 12 EN